VPN port 500 & 1723 - how to check if ports are listening


sm42

Technical User
Dec 11, 2003
133
GB
Hello

I'm having trouble with connecting to the office's vpn.

I have a D-link dsl-g604t. If I open ports 500 and 1723, how can I verify that those ports are open and listening?

Thanks in advance.

 
First of all, what VPN application are you using? Is this Windows PPTP or is this an IPSec client app on your PC or is the D-Link the tunnel endpoint? IPSec uses UDP 500 (and possibly UDP 4500 if using NAT traversal). IPSec also uses IP protocol 50 (ESP) or 51 (AH). PPTP uses TCP 1723 and IP Protocol 47.

Second, what direction are you going? I assume that your D-Link side is the client side and the office is the server side. But if the D-Link side is the server you will need to have some sort of PPTP or IPSec pass-through enabled.

Third, does your router have firewall capabilities? If so, does it have the ability to log traffic? This could show you if these protocols are passing or not. More details required.
 
vpn application is:
AT&T Network Client - IBM - Version 5.09.2
AT&T IPSec Application - Version 5.09.2
The d-link is not the tunnel endpoint, the vpn client software is.

There is a firewall, the d-link does not seem to be able to log traffic.
 
Make sure you can ping your VPN server from a basic internet connection, and check with AT&T to see which ports they require open.
 
To expand on what MaxPipeline said..

PPTP uses port 1723 and protocol 47
IPSec uses port 500 and protocols 50 & 51

What protocol are you using? PPTP, L2TP or IPSec to try to connect?

Computer/Network Technician
CCNA
 
`netstat -a` will show all listening ports on your machine. For the D-Link there should be a firewall area in the config where you can open or close ports. Connect to 192.168.1.1 from the run line.
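As an added example (not part of the original posts), the following Python sketch filters Windows-style `netstat -an` output for the three ports named in this thread: UDP 500, UDP 4500 and TCP 1723. The sample output, function names and port labels are constructed for illustration.

```python
import re

# Ports named in the thread (labels are this example's own wording).
VPN_PORTS = {
    ("UDP", 500): "IKE (IPsec)",
    ("UDP", 4500): "IPsec NAT traversal",
    ("TCP", 1723): "PPTP control",
}

# Constructed sample of Windows `netstat -an` output, not captured from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1723      0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3051      203.0.113.7:1723       ESTABLISHED
  UDP    0.0.0.0:500            *:*
  UDP    [::]:500               *:*
  UDP    192.168.1.10:137       *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def local_listeners(netstat_text):
    """Return {(proto, port): [local addresses]} for sockets accepting traffic.

    TCP counts only in the LISTENING state. UDP is connectionless, so netstat
    prints no state for it and any bound UDP socket counts.
    """
    found = {}
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header and blank lines
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # e.g. an outbound ESTABLISHED session to remote port 1723
        found.setdefault((proto, int(port)), []).append(addr)
    return found

def vpn_port_report(netstat_text):
    """Map each VPN port from the thread to the local addresses bound to it."""
    listeners = local_listeners(netstat_text)
    return {key: listeners.get(key, []) for key in VPN_PORTS}

if __name__ == "__main__":
    for (proto, port), addrs in vpn_port_report(SAMPLE).items():
        status = "bound on " + ", ".join(addrs) if addrs else "not bound"
        print(f"{proto} {port:<5} {VPN_PORTS[(proto, port)]:<20} {status}")
```

This reports only sockets bound on the PC itself; it says nothing about what the router forwards. ESP (50), AH (51) and GRE (47) are IP protocols rather than ports, so they never appear in netstat output.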
 
This is what I got from D-Link:

Dear Customer,

Your Request:

04/18/04:00 PM
==========================

Needs help opening ports for VPN.

has been answered as follows:

Dear Customer,

These VPNs do not require ports to be opened to work through a router. Enable Nat Transparency (Traversal) on the client VPN software. If any of these are using IPSec (AH), it will not and cannot work through NAT (built into the Router). IPSec using ESP will work. All D-Link routers have PPTP and IPSec passthrough.

Please make sure you have the latest firmware on your router. You can download the new firmware from ftp://ftp.dlink.co.uk/dsl_routers_modems/

and
Open TCP port 1723 and UDP port 500 on your router.
Go to and do a shields up test and make sure it shows the above ports as "open"



We hope that this answers your question and that your request is now resolved. This information is also available through our Support Portal at

Regards - your D-Link Support Team

P.S. If you have further questions regarding this request, please reply to this eMail without modifying the subject text.
 
I tried what d-link suggested, but no success.

I also tried, on a Cisco 1700 adsl router (no firewall).
The vpn still did not connect.

I have tried all sorts now.
I hoped the cisco would have worked.
What else can I now try?

Any feedback appreciated.

 
By the way, I'm using IPSEC ESP.

The vpn client does have an option, UDP 4500 NAT traversal, but enabling this option does not connect the vpn.

 
NAT traversal is required to connect with NAT.

Computer/Network Technician
CCNA
 
Ok, thanks.

Would the output of the vpn client log or from Ethereal be useful to post?

 
What hardware are you attempting to connect to?

Computer/Network Technician
CCNA
 
I have a d-link g604t and a cisco 1700 router.
I can use either router.
 
It may be easier to connect to the Cisco 1700, since there's no firewall.
If we get it working on the cisco, we can try the d-link g604t later.

 